Proofs of Fermat's theorem on sums of two squares

with integerx and y if and only if p is congruent to 1 (mod 4). The statement was announced by Fermat in 1640, but he supplied no proof.

The "only if" clause is easy: a perfect square is congruent to 0 or 1 modulo 4, hence a sum of two squares is congruent to 0, 1, or 2. An odd prime number is congruent to either 1 or 3 modulo 4, and the second possibility has just been ruled out. The first proof that such a representation exists was given by Leonhard Euler in 1747 and was complicated. Since then, many different proofs have been found. Among them, the proof using Minkowski's theorem about convex sets[1] and Don Zagier's short proof based on involutions have appeared.

Euler succeeded in proving Fermat's theorem on sums of two squares in 1749, when he was forty-two years old. He communicated this in a letter to Goldbach dated 12 April 1749.[2] The proof relies on infinite descent, and is only briefly sketched in the letter. The full proof consists in five steps and is published in two papers. The first four steps are Propositions 1 to 4 of the first paper[3] and do not correspond exactly to the four steps below. The fifth step below is from the second paper.[4]

1. The product of two numbers, each of which is a sum of two squares, is itself a sum of two squares.

2. If a number which is a sum of two squares is divisible by a prime which is a sum of two squares, then the quotient is a sum of two squares. (This is Euler's first Proposition).

Indeed, suppose for example that is divisible by and that this latter is a prime. Then divides

Since is a prime, it divides one of the two factors. Suppose that it divides . Since

(Diophantus identity) it follows that must divide . So the equation can be divided by the square of . Dividing the expression by yields:

and thus expresses the quotient as a sum of two squares, as claimed.

If divides , a similar argument holds by using

(Diophantus identity).

3. If a number which can be written as a sum of two squares is divisible by a number which is not a sum of two squares, then the quotient has a factor which is not a sum of two squares. (This is Euler's second Proposition).

Suppose divides and that the quotient, factored into its prime factors is . Then . If all factors can be written as sums of two squares, then we can divide successively by , , etc., and applying the previous step we deduce that each quotient is a sum of two squares. This until we get to , concluding that would have to be the sum of two squares. So, by contraposition, if is not the sum of two squares, then at least one of the primes is not the sum of two squares.

4. If and are relatively prime then every factor of is a sum of two squares. (This is Euler's Proposition 4. The proof sketched below includes the proof of his Proposition 3).

This is the step that uses infinite descent. Let be a factor of . We can write

where and are at most half of in absolute value. This gives:

Therefore, must be divisible by , say . If and are not relatively prime, then their gcd must be relatively prime to (else the common factor of their gcd and would also be a common factor of and which we assume are relatively prime). Thus the square of the gcd divides (as it divides ), giving us an expression of the form for relatively prime and , and with no more than half of , since

If and are relatively prime, then we can use them directly instead of switching to and .

If is not the sum of two squares, then by the third step there must be a factor of which is not the sum of two squares; call it . This gives an infinite descent, going from to a smaller number , both not the sums of two squares but dividing a sum of two squares. Since an infinite descent is impossible, we conclude that must be expressible as a sum of two squares, as claimed.

5. Every prime of the form is a sum of two squares. (This is the main result of Euler's second paper).

If , then by Fermat's Little Theorem each of the numbers is congruent to one modulo . The differences are therefore all divisible by . Each of these differences can be factored as

Since is prime, it must divide one of the two factors. If in any of the cases it divides the first factor, then by the previous step we conclude that is itself a sum of two squares (since and differ by , they are relatively prime). So it is enough to show that cannot always divide the second factor. If it divides all differences , then it would divide all differences of successive terms, all differences of the differences, and so forth. Since the th differences of the sequence are all equal to (Finite difference), the th differences would all be constant and equal to , which is certainly not divisible by . Therefore, cannot divide all the second factors which proves that is indeed the sum of two squares.

A (binary) quadratic form will be taken to be an expression of the form with integers. A number is said to be represented by the form if there exist integers such that . Fermat's theorem on sums of two squares is then equivalent to the statement that a prime is represented by the form (i.e., , ) exactly when is congruent to modulo .

The discriminant of the quadratic form is defined to be (this is the definition due to Gauss; Lagrange did not require the term to have even coefficient, and defined the discriminant as ). The discriminant of is then equal to .

Two forms and are equivalent if and only if there exist substitutions with integer coefficients

with such that, when substituted into the first form, yield the second. Equivalent forms are readily seen to have the same discriminant. Moreover, it is clear that equivalent forms will represent exactly the same integers.

Lagrange proved that all forms of discriminant −1 and are equivalent (a form satisfying this conditions is said to be reduced). Thus, to prove Fermat's theorem it is enough to find any reduced form of discriminant −1 that represents . To do this, it suffices to find an integer such that divides . For, finding such an integer, we can consider the form

which has discriminant −1 and represents p by setting x = 1 and y = 0.

Suppose then that p = 4n + 1. Again we invoke Fermat's Little Theorem: for any z relatively prime to p, we know that p divides . Moreover, by a theorem of Lagrange, the number of solutions modulo p to a congruence of degree q modulo p is at most q (this follows since the integers modulo p form a field, and a polynomial of degree q has at most q roots). So the congruence has at most 2n solutions among the numbers 1, 2, …, p − 1 = 4n. Therefore, there exists some positive integer z strictly smaller than p (and so relatively prime to p) such that p does not divide . Since p divides , p must divide . Setting completes the proof.

1. First proof. If is an odd prime number, then we have in the Gaussian integers. Consequently, writing a Gaussian integer ω = x + iy with x,y ∈ Z and applying the Frobenius automorphism in Z[i]/(p), one finds

since the automorphism fixes the elements of Z/(p). If p is congruent to 1 modulo 4, then the right hand side equals ω, so in this case the Frobenius endomorphism of Z[i]/(p) is the identity. Kummer had already established that if f ∈ {1,2} is the order of the Frobenius automorphism of Z[i]/(p), then the ideal in Z[i] would be a product of 2/f distinct prime ideals. (In fact, Kummer had established a much more general result for any extension of Z obtained by adjoining a primitive m-th root of unity, where m was any positive integer; this is the case m = 4 of that result.) In the current case, for some integer n, and so in the above expression for ωp, the exponent (p-1)/2 of -1 is even. Therefore the ideal (p) is the product of two different prime ideals in Z[i]. Since the Gaussian integers are a Euclidean domain for the norm function , every ideal is principal and generated by a nonzero element of the ideal of minimal norm. Since the norm is multiplicative, the norm of a generator of one of the ideal factors of (p) must be a strict divisor of , so that we must have , which gives Fermat's theorem.

2. Second proof. This proof builds on Lagrange's result that if is a prime number, then there must be an integer m such that is divisible by p (we can also see this by Euler's criterion); it also uses the fact that the Gaussian integers are a unique factorization domain (because they are a Euclidean domain). Since p ∈ Z does not divide either of the Gaussian integers and (as it does not divide their imaginary parts), but it does divide their product , it follows that cannot be a prime element in the Gaussian integers. We must therefore have a nontrivial factorization of p in the Gaussian integers, which in view of the norm can have only two factors (since the norm is multiplicative, and , there can only be up to two factors of p), so it must be of the form for some integers and . This immediately yields that .

If p = 4k + 1 is prime, then the set S = {(x, y, z) ∈ N3: x2 + 4yz = p} is finite and has two involutions: an obvious one (x, y, z) → (x, z, y), whose fixed points correspond to representations of p as a sum of two squares, and a more complicated one,

which has exactly one fixed point, (1, 1, k); however, the number of fixed points of an involution of a finite set S has the same parity as the cardinality of S, so this number is odd (hence, not zero) for the first involution as well, proving that p is a sum of two squares.

This proof, due to Zagier, is a simplification of an earlier proof by Heath-Brown, which in turn was inspired by a proof of Liouville. The technique of the proof is a combinatorial analogue of the topological principle that the Euler characteristics of a topological space with an involution and of its fixed point set have the same parity and is reminiscent of the use of sign-reversing involutions in the proofs of combinatorial bijections.